Chapter 5: Developing a Higher Security Mind
Excerpted from the book "Inside the Security Mind: Making the Tough Decisions," ISBN 0131118293, Copyright 2003. Written permission from Prentice Hall is required for all other uses. Copyright © 2005 Prentice Hall. All rights reserved.
THE ART OF HIGHER SECURITY
Earlier I discussed the Virtue of Higher Focus as a fundamental security concept. With hundreds of thousands of hackers using hundreds of thousands of tools to exploit hundreds of thousands of vulnerabilities, there is little hope of addressing every possible security issue directly. Thus, it is important to approach security from a "higher" view.
If a new worm broke out, putting the Internet on high alert for contamination, it would, of course, be necessary to take a specific action, apply a specific patch, close a specific port on the firewall, or add a specific signature to all IDS devices. This is not contradicting the Virtue of Higher Focus. However, if we took specific actions that prevented only this worm and not the 100 similar worms soon to be developed, we would be in violation of this virtue.
The Virtue of Higher Focus represents the way in which we must think about security in our everyday lives. Addressing security in a higher manner helps us deal with two common security problems:
- It is impossible to secure ourselves by applying unique security measures for every vulnerability in existence.
- By thinking in terms of specific vulnerabilities and exploits, we are only able to react to security issues rather than deal with them proactively.
The question is, then, how do we deal with higher security? How do we work to keep ourselves safe when hundreds of new exploits are developed every month? The answer to these questions comes with some time-honored security practices, best practices that have been used for thousands of years. In this chapter, I will review several of the key security tools that will keep an organization safe, despite the highly dynamic nature of information warfare. All of the following practices help to generalize security practices and further develop security minds. These practices include:
- Thinking in zones
- Creating chokepoints
- Layering security
- Understanding relational security
- Understanding secretless security
- Dividing responsibilities
- Failing securely
THINKING IN ZONES
Zoning is a process that is essential for making any security decision. Briefly, zoning is the process by which we define and isolate different subjects and objects based on their unique security requirements. Again, I use the standard terms "subjects" and "objects" because we could really be talking about anything. Zoning is most commonly thought of as a network-based solution, but truly, the concept of zoning is fundamental to all security decisions. A store pharmacy could, for instance, be classified into three zones, or three separate places where security is treated in a different manner. There is the front counter, where the customer requests the drugs and provides payment; there is the technician, who relays the request to the lab in back and returns with the drugs; and then there is the actual pharmacist, who fills prescriptions. Each of these areas has its own unique risks, vulnerabilities, and security needs that define its zones. Imagine if we simply let the customers directly into the back room to fill their own prescriptions!
In this section, we will discuss several different zoning scenarios that are possible and the advantages each has to offer. We will then work to apply the zoning process by defining subjects and objects and determining which zoning scenario fits best. Almost every security decision, technical or non-technical, involves zones, so while going through each zoning scenario, be sure to keep an open mind for how these concepts can be applied. Remember that zoning is not a network-specific concept, and that zones should be created for applications, physical areas, and even for employee interactions as a defense against social engineering.
Defining a Zone
The term "security zone" is thrown around a lot in the security world; it is used for everything from application design to security camera placement. So, how do we define a zone?
A zone is a logical grouping of resources that have a similar security profile. That is to say, it is a grouping of objects that have similar risks, trust levels, exposures, policies, or security needs. A client's computers connecting from across the Internet, for example, have a different level of security and trust than an internal DB server. Similarly, a local mail server that accepts mail directly from the Internet has a different level of exposure than an internal mail server. Thus, the two would be considered to be in two different zones.
Though there can be numerous zones within any situation, the most common scenarios involve the three zones shown in Table 5.1: the trusted (or internal) zone, the untrusted (or external) zone, and the semi-trusted zone (or DMZ). These three zones can apply to almost anything, including networking and application programming, as well as designing physical security layouts.
Separating Zones
Having a security vulnerability or exposure is similar to having the common cold. If one object has it, all other objects near it are likely to be exposed. To protect valuable resources, we must be able to maintain high levels of security by protecting resources from zones of lesser security control. "Zoning" is the process by which we group similar objects into proper zones and separate them from other zones for added protection. The separation mechanism could be as simple as a firewall, a security control applet, or a locked door. The goal is to have some degree of control over what happens between the different zones.
Communication Between Zones
While separating zones is all well and good for security, it would not be practical to completely isolate all zones from each other and never allow them to communicate. Just because the Internet is untrusted does not mean we should simply cut off all internal access to it. However, allowing communication between zones can be extremely dangerous if the proper security measures are not taken. Fortunately, there are several conventions to safely allow access to take place between different security zones. Each convention has its own advantages and level of exposure to consider, but almost every situation can find a security solution in one of these zoning conventions.
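The three-zone model above (trusted, semi-trusted/DMZ, untrusted), the separation mechanism between zones, and the idea of permitting only controlled communication across them can be written down as a small policy check. The following is an added illustration, not code from the book; the resources, zone assignments, and the allowed crossings in POLICY are constructed, using the chapter's own examples of an Internet-facing mail server in the DMZ and an internal mail server and database in the trusted zone.

```python
from dataclasses import dataclass
from enum import Enum


class Zone(Enum):
    UNTRUSTED = "untrusted"    # external: Internet clients, the general public
    DMZ = "semi-trusted"       # exposed services that must talk to both sides
    TRUSTED = "trusted"        # internal servers and the back office


@dataclass(frozen=True)
class Resource:
    name: str
    zone: Zone


# Each resource is placed in a zone by its security profile (constructed inventory).
INVENTORY = {
    "internet_client": Resource("internet_client", Zone.UNTRUSTED),
    "external_mail":   Resource("external_mail", Zone.DMZ),      # accepts mail straight from the Internet
    "internal_mail":   Resource("internal_mail", Zone.TRUSTED),
    "internal_db":     Resource("internal_db", Zone.TRUSTED),
}

# The separation mechanism: which services may cross from one zone into another.
# Constructed policy: untrusted traffic may only reach the DMZ, the DMZ may reach one
# narrow internal service, and no pair maps untrusted directly to trusted.
POLICY = {
    (Zone.UNTRUSTED, Zone.DMZ): {"smtp"},
    (Zone.DMZ, Zone.TRUSTED): {"smtp"},
    (Zone.TRUSTED, Zone.DMZ): {"smtp", "admin"},
    (Zone.TRUSTED, Zone.UNTRUSTED): {"http", "https", "smtp"},
}


def allowed(src: str, dst: str, service: str) -> bool:
    """True if the zoning policy lets `src` reach `dst` over `service`."""
    s, d = INVENTORY[src], INVENTORY[dst]
    if s.zone is d.zone:
        return True  # same zone, same security profile: nothing separates them
    return service in POLICY.get((s.zone, d.zone), set())


def path_allowed(path: list[str], service: str) -> bool:
    """Every hop of a multi-zone path must be permitted; the DMZ relay is the only
    way from an Internet client to the internal mail server under this policy."""
    return all(allowed(a, b, service) for a, b in zip(path, path[1:]))


def audit(flows) -> list:
    """Return the (src, dst, service) flows the policy rejects, so exceptions are visible."""
    return [f for f in flows if not allowed(*f)]
```

Placing a new resource is then a decision about which security profile it shares, and any flow that is not in POLICY is rejected by default.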
In the following section, we will be looking at these zoning conventions. We will look at the different zoning possibilities and the levels of exposure associated with each, as shown in Figure 5.1. We will start with the least secure and least desirable scenario and progress to the most secure and desirable scenario. Each added level of security has its potential drawbacks in flexibility and functionality, so it is important to adopt the practice that provides the least exposure without making any harmful sacrifice in usefulness.